Wednesday, 02 July 2014

Case illustration with 5W + 1H

CASE I

Anarchy-R-Us, Inc. suspects that one of their employees, Ann Dercover, is really a secret agent working for their competitor.

Ann has access to the company’s prize asset, the secret recipe. Security staff are worried that Ann may try to leak the company’s secret recipe.

Security staff have been monitoring Ann’s activity for some time, but haven’t found anything suspicious– until now. Today an unexpected laptop briefly appeared on the company wireless network. Staff hypothesize it may have been someone in the parking lot, because no strangers were seen in the building. Ann’s computer (192.168.1.158) sent IMs over the wireless network to this computer. The rogue laptop disappeared shortly thereafter.

“We have a packet capture of the activity,” said security staff, “but we can’t figure out what’s going on. Can you help?”

You are the forensic investigator. Your mission is to figure out who Ann was IM-ing, what she sent, and recover evidence including:

1. What is the name of Ann's IM buddy?

2. What was the first comment in the captured IM conversation?

3. What is the name of the file Ann transferred?

4. What is the magic number of the file you want to extract (first four bytes)?

5. What was the MD5sum of the file?

6. What is the secret recipe?

Illustration of the case with the 5 Ws (what, why, where, when, who) and 1 H (how):

What:
From the case above, the company Anarchy-R-Us, Inc. suspects one of its employees, Ann Dercover, of being a spy who is leaking company secrets to a competitor.

Why:
Still a hypothesis: Ann is being paid handsomely by another company to leak her employer's secret, in this case a food recipe.

Where:
At Anarchy-R-Us, Inc., a company in the US (the case text itself does not state a location).

When:
From the case material (the packet capture), Ann's chat is timestamped 8-12-2009 10:57:15 PM.

Who:
The suspect is Ann Dercover.

How:
Using an instant messenger over the wireless network of Ann's company.

CASE II

Ann and Mr. X have set up their new base of operations. While waiting for the extradition paperwork to go through, you and your team of investigators covertly monitor her activity. Recently, Ann got a brand new AppleTV, and configured it with the static IP address 192.168.1.10. Here is the packet capture with her latest activity.

You are the forensic investigator. Your mission is to find out what Ann searched for, build a profile of her interests, and recover evidence including:

1. What is the MAC address of Ann’s AppleTV?

2. What User-Agent string did Ann’s AppleTV use in HTTP requests?

3. What were Ann’s first four search terms on the AppleTV (all incremental searches count)?

4. What was the title of the first movie Ann clicked on?

5. What was the full URL to the movie trailer (defined by “preview-url”)?

6. What was the title of the second movie Ann clicked on?

7. What was the price to buy it (defined by “price-display”)?

8. What was the last full term Ann searched for?
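Both question lists above are answered by the same kind of work: pull the Ethernet, IPv4 and TCP headers out of a pcap, keep the frames that belong to the host of interest, and then read the application payload (an HTTP request line and its User-Agent header, a query parameter that carries a search term, or the first bytes of a transferred file and its MD5). The following is an added example, not code from the contest or from this post; it builds a constructed capture in memory (only the address 192.168.1.10 is taken from the case text; the MAC addresses, server IP, User-Agent string, `term` query parameter and the file bytes are all made up for the demo) and parses it back with the standard library only, so it runs offline.

```python
import hashlib
import struct
import urllib.parse

# Constructed sample traffic. Only 192.168.1.10 comes from the case text; every
# other value below is an assumption made for this demo, not data from the capture.
APPLETV_IP = "192.168.1.10"
APPLETV_MAC = "00:11:22:33:44:55"   # assumption: made-up address
SERVER_MAC = "66:77:88:99:aa:bb"    # assumption: made-up address
SERVER_IP = "203.0.113.7"           # documentation address (TEST-NET-3)
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"constructed, not a real image"


def _mac(s):
    return bytes(int(x, 16) for x in s.split(":"))


def _ip(s):
    return bytes(int(x) for x in s.split("."))


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Ethernet II + IPv4 + TCP frame. Checksums are left at zero: the parser
    below never verifies them, which is enough for an offline demonstration."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     _ip(src_ip), _ip(dst_ip)) + tcp
    return _mac(dst_mac) + _mac(src_mac) + b"\x08\x00" + ip


def build_pcap(frames):
    """Classic pcap: 24-byte global header (magic 0xa1b2c3d4, link type 1 =
    Ethernet) followed by a 16-byte record header before every frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1261900139 + i, 0, len(f), len(f)) + f
    return out


def iter_tcp(pcap):
    """Yield (src_mac, src_ip, dst_ip, tcp_payload) for each Ethernet/IPv4/TCP record."""
    magic, = struct.unpack_from("<I", pcap, 0)
    end = "<" if magic == 0xA1B2C3D4 else ">"   # byte order of the record headers
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack_from(end + "IIII", pcap, off)
        rec = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(rec) < 54 or rec[12:14] != b"\x08\x00":   # too short or not IPv4
            continue
        src_mac = ":".join(f"{b:02x}" for b in rec[6:12])
        ip = rec[14:]
        if ip[9] != 6:                                    # protocol field: 6 = TCP
            continue
        ihl = (ip[0] & 0x0F) * 4
        src_ip = ".".join(str(b) for b in ip[12:16])
        dst_ip = ".".join(str(b) for b in ip[16:20])
        tcp = ip[ihl:]
        doff = (tcp[12] >> 4) * 4                         # TCP header length
        yield src_mac, src_ip, dst_ip, tcp[doff:]


def mac_for_ip(pcap, ip):
    """Case II Q1: source MACs seen on frames sent by the given IP."""
    return sorted({m for m, s, _, _ in iter_tcp(pcap) if s == ip})


def user_agents(pcap, ip):
    """Case II Q2: User-Agent values from HTTP requests sent by the given IP."""
    found = []
    for _, s, _, payload in iter_tcp(pcap):
        if s != ip or not payload.startswith((b"GET ", b"POST ")):
            continue
        for line in payload.split(b"\r\n"):
            if line.lower().startswith(b"user-agent:"):
                found.append(line.split(b":", 1)[1].strip().decode())
    return found


def search_terms(pcap, ip, param="term"):
    """Case II Q3/Q8: values of one query parameter in the host's GET requests, in
    capture order (so incremental searches appear one by one). The parameter
    name `term` is an assumption for this demo, not taken from the capture."""
    terms = []
    for _, s, _, payload in iter_tcp(pcap):
        if s != ip or not payload.startswith(b"GET "):
            continue
        target = payload.split(b" ", 2)[1].decode()
        query = urllib.parse.urlsplit(target).query
        terms.extend(urllib.parse.parse_qs(query).get(param, []))
    return terms


def magic_and_md5(data):
    """Case I Q4/Q5: first four bytes (hex) and MD5 of a carved file's bytes."""
    return data[:4].hex(), hashlib.md5(data).hexdigest()


def sample_capture():
    """Constructed capture: two incremental searches from the AppleTV and one
    server reply carrying the fake PNG, so every helper has data to work on."""
    def get(path):
        return (f"GET {path} HTTP/1.1\r\nHost: example.invalid\r\n"
                f"User-Agent: AppleTV/2.4 (constructed)\r\n\r\n").encode()
    frames = [
        build_frame(APPLETV_MAC, SERVER_MAC, APPLETV_IP, SERVER_IP, 49152, 80, get("/search?term=b")),
        build_frame(APPLETV_MAC, SERVER_MAC, APPLETV_IP, SERVER_IP, 49152, 80, get("/search?term=bl")),
        build_frame(SERVER_MAC, APPLETV_MAC, SERVER_IP, APPLETV_IP, 80, 49152, FAKE_PNG),
    ]
    return build_pcap(frames)


if __name__ == "__main__":
    cap = sample_capture()
    print("MAC:", mac_for_ip(cap, APPLETV_IP))
    print("User-Agent:", user_agents(cap, APPLETV_IP))
    print("search terms:", search_terms(cap, APPLETV_IP))
    print("magic, md5:", magic_and_md5(FAKE_PNG))
```

On a real capture, read the file bytes with `open(path, "rb").read()` and pass them to the same helpers; the parser only handles single-segment payloads, so a file transferred across many TCP segments has to be reassembled (for example by following the stream in Wireshark) before `magic_and_md5` is applied to the carved bytes.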

Illustration of the case with the 5 Ws (what, why, where, when, who) and 1 H (how):

What:
In case II, Ann and Mr. X have a brand new AppleTV configured with the static IP address 192.168.1.10. The device and its address are of interest, so the forensic team is asked to monitor Ann's new activity.

Why:
Still a hypothesis: suspicion of covert interaction through the device configured with that IP address.

Where:
At Ann and Mr. X's new base of operations; the case does not state its name or address.

When:
From the capture, Ann's browsing activity is recorded from 12/27/2009 8:08:59 to 12/27/2009 8:10:39.

Who:
The suspect is named Ann.

How:
By browsing from the AppleTV, which is connected with the IP address 192.168.1.10.
